North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Hey, SiteFinder is back, again...

  • From: Steven M. Bellovin
  • Date: Mon Nov 05 14:57:57 2007

On Mon, 5 Nov 2007 11:17:29 -0800
David Conrad <[email protected]> wrote:

> On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
> > What affect will Allegedly Secure DNS have on such provider
> > hijackings, both of DNS and crammed-in content?
> If what Verizon is doing is rewriting NXDOMAIN at their caching
> servers, DNSSEC will _not_ help.  Caching servers do the validation
> and the insertion of the search engine IP addresses in the response
> would occur after the validation.
Depends on whether or not the endpoints delegate DNSSEC validation to
Verizon.  They don't have to.

		--Steve Bellovin,